Stealth Falcon is a state-sponsored cyber espionage group that since 2012 targets political activists and journalists in the Middle East.
During a penetration test, once you get a local access to a target, you should start a local assessment of the machine in order to plan a correct tactic for privileges escalation and lateral movement.
Google Project Zero disclosed a vulnerability in CTF, a Microsoft protocol used by all Windows versions since Windows XP that can be exploited with ease.
A couple of very brief tip, useful during a forensic acquisition.
Months ago, I published a post about Flare VM, a project by Fireeye/Mandiant researcher focused on the creation of a Windows-based security distribution for malware analysis. Recently, Fireeye released a similar project: another windows-based distribution, but this time dedicated to penetration testing and red teaming, named Command VM.